2 Unix SMB/Netbios implementation.
4 run a command as a specified user
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /* need to move this from here!! need some sleep ... */
25 struct current_user current_user;
27 extern int DEBUGLEVEL;
29 /****************************************************************************
30 This is a utility function of smbrun().
31 ****************************************************************************/
33 static BOOL setup_out_fd(char *template)
38 pstrcpy( path, template);
39 pstrcat( path, generate_random_str(17));
40 pstrcat( path, ".XXXXXX");
42 /* now create the file */
43 fd = smb_mkstemp(path);
46 DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n",
47 path, strerror(errno) ));
51 DEBUG(10,("setup_out_fd: Created tmp file %s\n", path ));
53 /* Ensure file only kept around by open fd. */
58 /****************************************************************************
59 run a command being careful about uid/gid handling and putting the output in
60 outfd (or discard it if outfd is NULL).
61 ****************************************************************************/
63 int smbrun(char *cmd, int *outfd, char *template)
66 uid_t uid = current_user.uid;
67 gid_t gid = current_user.gid;
70 * Lose any kernel oplock capabilities we may have.
72 oplock_set_capability(False, False);
74 /* point our stdout at the file we want output to go into */
76 if (outfd && ((*outfd = setup_out_fd(template)) == -1)) {
80 /* in this method we will exec /bin/sh with the correct
81 arguments, after first setting stdout to point at the file */
84 * We need to temporarily stop CatchChild from eating
85 * SIGCLD signals as it also eats the exit status code. JRA.
88 CatchChildLeaveStatus();
90 if ((pid=sys_fork()) < 0) {
91 DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
108 /* the parent just waits for the child to exit */
109 while((wpid = sys_waitpid(pid,&status,0)) < 0) {
120 DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno)));
128 /* Reset the seek pointer. */
130 sys_lseek(*outfd, 0, SEEK_SET);
133 #if defined(WIFEXITED) && defined(WEXITSTATUS)
134 if (WIFEXITED(status)) {
135 return WEXITSTATUS(status);
144 /* we are in the child. we exec /bin/sh to do the work for us. we
145 don't directly exec the command we want because it may be a
146 pipeline or anything else the config file specifies */
148 /* point our stdout at the file we want output to go into */
151 if (dup2(*outfd,1) != 1) {
152 DEBUG(2,("Failed to create stdout file descriptor\n"));
158 /* now completely lose our privileges. This is a fairly paranoid
159 way of doing it, but it does work on all systems that I know of */
161 become_user_permanently(uid, gid);
163 if (getuid() != uid || geteuid() != uid ||
164 getgid() != gid || getegid() != gid) {
165 /* we failed to lose our privileges - do not execute
167 exit(81); /* we can't print stuff at this stage,
168 instead use exit codes for debugging */
172 /* close all other file descriptors, leaving only 0, 1 and 2. 0 and
173 2 point to /dev/null from the startup code */
176 for (fd=3;fd<256;fd++) close(fd);
180 execl("/bin/sh","sh","-c",cmd,NULL);